5 research outputs found

    Security Toolbox for Detecting Novel and Sophisticated Android Malware

    This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The adversarial challenge ("Red") teams in the DARPA APAC program are tasked with designing sophisticated malware to test the bounds of malware detection technology being developed by the research and development ("Blue") teams. Our research group, a Blue team in the DARPA APAC program, proposed a "human-in-the-loop program analysis" approach to detect malware given the source or Java bytecode for an Android app. Our malware detection apparatus consists of two components: a general-purpose program analysis platform called Atlas, and a Security Toolbox built on the Atlas platform. This paper describes the major design goals, the Toolbox components to achieve the goals, and the workflow for auditing Android apps. The accompanying video (http://youtu.be/WhcoAX3HiNU) illustrates features of the Toolbox through a live audit. Comment: 4 pages, 1 listing, 2 figure

    Security Toolbox for Detecting Novel and Sophisticated Android Malware

    Abstract: This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The adversarial challenge ("Red") teams in the DARPA APAC program are tasked with designing sophisticated malware to test the bounds of malware detection technology being developed by the research and development ("Blue") teams. Our research group, a Blue team in the DARPA APAC program, proposed a "human-in-the-loop program analysis" approach to detect malware given the source or Java bytecode for an Android app. Our malware detection apparatus consists of two components: a general-purpose program analysis platform called Atlas, and a Security Toolbox built on the Atlas platform. This paper describes the major design goals, the Toolbox components to achieve the goals, and the workflow for auditing Android apps. The accompanying video illustrates features of the Toolbox through a live audit. Video: http://youtu.be/WhcoAX3HiN

    Open architecture as an enabler for FORCEnet

    This project concentrates on implementing network centric military operations with specific threat engagement scenarios using legacy and future warfare systems based on open architecture concepts. These systems may be based at sea, on land or in the air, and provide fire control solutions that match sensed threats to available weapons throughout the battle space. Using a unique methodology, the project provides the following: 1) characterization of the battle space, 2) description of the design principles applied, and 3) a conceptual design. The conceptual design is then modeled using ARENA simulation software in an attempt to validate the proposed architecture. The project concentrates on implementing three very specific scenarios: Engage on Remote (EOR), Forward Pass (FP), and Remote Fire (RF). These concepts are applied to the FORCEnet Open Architecture Domain Model using legacy and future Naval systems such as AEGIS Cruisers and Destroyers, DD(x), CG(x), Littoral Combat Ship (LCS), and Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System (JLENS). As a part of the above scenarios, the presentation will address specifics on best shooter selection. The resulting functional architecture and data flows transform concepts into real engagement methods. These methods will match the Detect-Control-Engage (DCE) sequence with Observe-Orient-Decide and Act (OODA), and employ current methods of data fusion from various platforms to provide a true integrated fire control solution. Combat identified threats on the network can then be matched to any available weapons on the network, and the preferred shooter selected can efficiently engage the threat.
    Thus, the effective and efficient use of all sensors and weapons available in the battle space becomes possible. http://archive.org/details/openrchitectures109456925N